window 2008 r2 server help please??? RRS feed

  • Question

  • Hi I just bought a new vps window 2008 r2 server. I have address this issue with the vps company that I purchase the vps from, but they say that they do not offer technical support for the vps and that the problem at hand,  is windows running in it default which I highly the way I have absolutely nothing running on the vps cause when I usually buy a vps I make sure everything is running right and my security is secure and harden however I always worked with linux OS and this is my first time on a windows server...ok to the problem when I first bought the vps I ran a nmap scan to find out what ports where running and it was three ports 19 chargen which was filtered and 5904 vnc default port and 3389 RPD filtered.... so I went ahead and add a new user with admin privileges....and I did the scan again and now.... let me copy and paste

    PORT     STATE         SERVICE
    19/tcp   filtered      chargen
    22/tcp   open          ssh
    111/tcp  open          rpcbind
    3389/tcp filtered      ms-wbt-server
    5902/tcp open          vnc-2
    5904/tcp open          unknown
    6000/tcp open          X11
    6006/tcp open          X11:6
    6156/tcp open          unknown
    111/udp  open          rpcbind
    123/udp  open          ntp
    623/udp  open|filtered asf-rmcp
    3389/udp open|filtered ms-wbt-server

    that is what the scan comes out to now and the vps host keeps telling me that these are default and I don't agree with them....The problem at hand is that fact that 1. my ssh is running on a default port causing my bandwidth to max out because it is being bruteforce like crazy my logs file show many many many failed logins....2. I access the server through vnc cause that what they have it configured too and I don't need all the other vnc ports open again this is a security risk and eventually someone will get in....3. RDP 3389 is open but filtered and is not in use....I guess my question is how do I use windows 2008 r2 firewall to close theses ports or atleast disable them cause I can't find these ports/ services in the firewall anywhere and the vps company assures me they have no control over this and it frustrating cause I have been all over google reading and researching without luck and I just want to be able to finally secure my server and move on to installing and running my services...but I can't until this issue is fixed so if anybody has any help much will be appreciated and I am very sorry for the long message I just wanted the reader to understand my present situation....any way thanks for reading and helping have a good day thank you...

    Tuesday, April 26, 2016 1:42 AM